
This article was published on February 16, 2016

Android malware that can erase devices remotely being used in attacks

Story by Ben Woods

Europe Editor

Ben is a technology journalist with a specialism in mobile devices and a geeky love of mobile spectrum issues. Ben used to be a professional online poker player. You can contact him via Twitter or on Google+.

There’s a piece of Android malware currently being used to launch attacks on handsets that, if successful, can result in the full wipe of a device.

According to Heimdal Security, a message being sent to random phone numbers around the world will give attackers complete control of a device if you click on the included link. It tries to get you to click by saying you have a new MMS message that needs to be downloaded.

The malware has been identified as ‘Mazar Android BOT’ and it silently retrieves and installs Tor on the victim’s phone via a legitimate Tor download URL.

It then unpacks Tor and connects it to a specific server, triggering a message to be sent.

The researchers lay out a number of ways in which the malware gives attackers control of a victim’s device – or access to their wider information through further monitoring.

Needless to say, an ‘app’ that can give total control to someone to do whatever they like is one worth avoiding – so no clicking on those random MMS links.

Protection measures

Interestingly, you can avoid all risk by setting your Android device’s language to Russian.

Given that Android’s protections against malware come largely from Google’s control of the Play Store, it’s little surprise to learn that for the malware to be successful you’ll need to have enabled the installation of apps from unknown sources.

It might sound like a ‘why the hell would I do that?’ point, but if you’ve ever installed Amazon Underground or Amazon Prime Video on Android, then there’s a good chance you probably forgot to switch that option back off too.

➤ Security Alert: Mazar BOT Spotted in Active Attacks – the Android Malware That Can Erase Your Phone [Via BBC]
